I hate being victimized! Unfortunately, all of us who use the Internet can be victimized in ways that sometimes defy credibility. Ironically, even those of us who specialize in Internet security can be targeted by cyber-criminals.
Several weeks ago, one of my Blog sites was the target of redirected search engine results. Essentially, what had been happening is this – when a search was made by a web user which produced a result listing my site, and the user clicked on that link, in some circumstances, the user was redirected to a site, or page, controlled by a hijacker.
While this exploit didn’t impact me financially, since I don’t run ads on my sites, it was disappointing knowing that cyber-criminals were potentially benefiting economically from the results of my efforts. Very often, the purpose behind this type of attack is the hacker’s need to increase his site’s reputation on Google, and other search engines, by fraudulently increasing the site’s hits. This can lead to an increase in profits generated by that site.
The dangers to you:
Those of us who are involved in Internet security know – cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.
Earlier today, I read on the Darkreading Website, a security site for IT professionals, “that hackers have launched a multi-faceted attack on the Website of the popular AARP organization, rerouting traffic from the seniors’ association to pornography sites”. A bit chancy, I would have thought.
Other common techniques used by these cyber-criminals include the manipulation of search engine results, and the seeding of Websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer, by exploiting existing vulnerabilities, is extremely high.
There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.
Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.
Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
So what can you do to ensure you are protected, or to reduce the chances you will become a victim?
Keep all applications (including your operating system) patched.
Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.
Turn off your computer or disconnect from the network when not in use.
Disable scripting features in email programs.
Make regular backups of critical data.
Make a boot disk in case your computer is damaged or compromised.
Turn off file and printer sharing on the computer.
Install a personal firewall on the computer.
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
Ensure the anti-virus software scans all e-mail attachments.